Add an IPsec Policy
You are here: VPN > IPsec (Phase II).
To add an IPSec policy:
- Click the add icon (+) on the upper right side
of the IPSec Policy tab of IKE (Phase II) page.
The Add Policy page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add Policy Page
Field | Action |
|---|---|
| IPSec Policy | |
Name | Enter a name of the remote gateway. |
Description | Enter a description of the policy to associate it with an IPSec tunnel. |
Perfect Forward Secrecy | Displays the method the device uses to generate the encryption key. PFS generates each new encryption key independent of the previous key. Select a method from the list:
Note: From Junos OS Release 19.1R1 till Junos OS Release 20.2R1, the new DH-Groups supports SRX5000 Series devices with SPC3 card upon installation of junos-ike package only. To install junos-ike package from J-Web, navigate to Configure > Security Services > IPsec VPN > Global Settings and click Install. |
| Proposal | |
Predefined | Specifies that the anti-replay checking feature of IPsec be disabled. By default, anti-replay checking is enabled. Select Predefined, and select a proposal type from the list:
|
User defined | Specifies a list of proposals previously defined by the user. Click User Defined, select Proposals from the pop-up menu, and then click Add. Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined proposal. |
Proposal List | Select the P1 Proposals from the Available table and by using the arrow move it to the Selected P1 Proposals table. Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined. |